# Allow SSH, trap and block offenders into 'ssh-abuse' table pass inet proto tcp from any to $ext_if port ssh \ flags S/SA keep state \ (max-src-conn 20, max-src-conn-rate 5/3, \ overload flush global)